SSRF Vulnerability in BentoML Python Library Exposes Systems to Remote Attacks
CVE-2025-54381
Key Information:
Badges
What is CVE-2025-54381?
A vulnerability exists in BentoML's file upload processing system which allows unauthenticated attackers to exploit SSRF weaknesses. This issue arises due to the library's handling of multipart form data and JSON requests, enabling attackers to force the server to make arbitrary HTTP requests. The design choice of automatically downloading files from user-provided URLs without proper validation permits access to internal network resources and cloud metadata endpoints. This flaw could lead to potential data leakage or further exploitation in environments that employ BentoML. The vulnerability has been addressed in BentoML version 1.4.19, which includes a fix to mitigate the risk associated with this design oversight.
Affected Version(s)
BentoML >= 1.4.0, < 1.4.19
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.